STE WILLIAMS

LinkedIn app’s oversharing via Bluetooth sparks alarm

Geez, LinkedIn, you are one pushy app! If you’re not spamming users’ contacts (and getting sued for it), you’re pawing our Bluetooth – even after we thought you’d gone home for the night!

News of LinkedIn’s latest market-the-beejezus-out-of-us stunt came on Thursday, when security researcher Rik Ferguson spotted a proclamation from LinkedIn about wanting to make data available to nearby Bluetooth devices, “even when you’re not using the app”.

Ferguson tweeted a screenshot of the mobile app change notification, accompanying it with a “You want to do WHAT?!” message:

Ferguson said that the pop-up sprang up following an update that billed itself as only offering “general bug fixes and performance improvements”.

According to people who responded to his thread, both iOS and Android users were replicating the message. That’s in spite of LinkedIn’s claim, in a statement sent to the Register, that the prompt was sent out in error, to just a handful of iOS users:

In order to help our members more easily connect with one another, we’re exploring an opt-in “find nearby” feature that will help them find other members nearby.

This will be an opt-in experience and members will have control of when their location is used for this feature. A prompt to enable Bluetooth on our iOS mobile app went out in error to a small group of LinkedIn members. We are working on a fix immediately and we apologise for any confusion.

A small group, eh? An “error”, you say? Ferguson said that that fish didn’t smell quite right:

Plenty of people on Twitter were able to replicate and I replicated it on three phones all running 9.1.25 of the app. … as if by magic, it looks like 9.1.26 came out this morning.

Should we care that LinkedIn, which did say it was working on a fix for the issue, wants to let us see other Linkees nearby? It is, after all, opt-in. The business networking app says it’s all about getting in more elbow rubbing when we’re at a conference, for example, or out getting some grub at the pub.

Opt-in or no, we’re always a bit leery of always-on Bluetooth, or near-field communication (NFC), for that matter. They’re great for connectivity, enabling us to use accessories such as wireless keyboards and headsets, or to make payments with a wave of our smartphones.

But it does open a door to your device and to your data, so we recommend either switching such features off or putting your device into “not discoverable” mode whenever possible.

Also, be careful when pairing: never accept requests from unknown devices.

You might want to check out our 10 tips to secure your smartphone, or our practical advice for handling smartphones in the workplace.

Oh, and LinkedIn? It’s great that you mea-culpa’ed your ham-handed “I will schmooze via Bluetooth even when I’m not running” message. After all, some of us were interpreting that message in a very UnLinkMe way:


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/CEmOBVv2Q18/

News in brief: Russia accused of email hack; test flight for ‘flying taxi’; hacking ‘moral crusade’ for teens

Your daily round-up of some of the other stories in the news

Denmark accuses Russia of hacking emails

Moscow on Monday denied an accusation by Denmark’s defence minister, Claus Hjort Frederiksen, that Russia had hacked Danish defence ministry staff’s emails for two years.

Frederiksen told Ritzau, a Danish news agency, that the hacking group known as Fancy Bear had accessed department staffers’ emails “as part of a continuing war from the Russian side in this field, where we are seeing a very aggressive Russia”. He added that “the hacked emails don’t contain military secrets, but it is of course serious”.

Kremlin spokesman Dmitry Peskov told reporters that “Russia as a state does not do hacking attacks”.

Flying taxi completes first test flight

Flying cars might have come a step closer after Lilium, a German company, completed the first test-flight of its prototype electric “flying taxi”.

In a video the company posted of its two-seater prototype, the vehicle lifts off vertically, like a helicopter, and then switches to wing lift for forward flight. The vehicle used in the test flight was controlled remotely, like a drone, but the company, which is backed by investors including Niklas Zennstrom, the Skype founder, says its first test flight with a human being at the controls is coming soon.

Lilium isn’t the first company to be developing flying taxis: back in February, we reported that Dubai’s Road and Transport Authority said the city hoped to be able to offer a pilotless flying taxi – the Chinese-made EHang 184 – this summer to transport passengers between fixed points.

Free tools make getting started in hacking ‘easy’

Teenagers see hacking as a “moral crusade”, according to a study of teenagers by the UK’s National Crime Agency, while others are motivated by a desire to prove themselves to friends.

The report warns that the availability of free hacking tools such as DDoS-for-hire services and the low level of tech expertise required to use those tools means it’s easy for teenagers to get started in hacking, bringing “the ability to cause significant harm within the reach of the young and relatively unskilled cyber criminals”.

One gateway, suggests the report, is the online forums and communities built around creating game mods and cheats. The report also notes that the stereotype of a lone teenage hacker isn’t accurate, saying “social relationships, albeit online, are key. Forum interaction and building of reputation drives young cyber criminals.”

Catch up with all of today’s stories on Naked Security


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/qjucQRMGvpY/

We’re ‘heartbroken’ we got caught selling your email records to Uber, says Unroll.me boss

Jojo Hedaya, the CEO of email summarizer Unroll.me, has apologized to his users for not telling them clearly enough that they are the product, not his website.

Unroll.me is owned by analytics outfit Slice Intelligence, and the site began life in 2011 with a fairly useful function. Its software crawls through your email inbox, noting which services and alerts you have signed up for. You can unsubscribe from the stuff you don’t want, and shift all those regular emails you do want into a digest, sent once a day.

It’s a way of tidying up and organizing all those notifications from your bank, newsletters, and so on. It’s also free to use, and it accesses your email account, and so obviously it sells anonymized summaries of your messages to anyone with a checkbook.

Over the weekend, it emerged Uber had, at times, played fast and loose with people’s privacy. At one point, it was buying anonymized summaries of people’s emails from Unroll.me, allowing the ride-hailing app maker to, for instance, figure out how many folks were using rival Lyft based on their emailed receipts.

Not a great look. So in a blog post Sunday, Hedaya apologized – not for actually selling off the contents of users’ inboxes, but for upsetting people when they found out.

“Our users are the heart of our company and service. So it was heartbreaking to see that some of our users were upset to learn about how we monetize our free service,” he said. “And while we try our best to be open about our business model, recent customer feedback tells me we weren’t explicit enough.”

Hedaya didn’t apologize for selling the data, which he said was all legitimate and above board. If users had bothered to go through the 5,000 words that make up the app’s terms and conditions and privacy policy, they would have seen the legalese that allows such practices.

However, not everyone reads the small print, Hedaya lamented, saying he was very bad at it himself. So the company is going to be clearer about how it sells its users’ information, he promised. Based on the comments so far, those users aren’t impressed.

“What a load of hand-in-the-cookie-jar bullshit this is,” remarked one comment poster on Hedaya’s blog, echoing the tone of many others furious that they’ve been screwed over by a tool they trusted. Unroll.me once billed itself as a privacy application.

“Your entire service – your entire reason for existence, as far as your cherished customers see it – exists solely, wholly for the purposes of reclaiming privacy and inbox peace and quiet. Yes, I bet it is heartbreaking that this information got out this way.”

Do yourself a favor and immediately stop using it. Don’t give third parties access to your inboxes. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/04/24/unrollme_caught_selling_email_to_uber/